Google is planning to add end-to-end encryption (E2EE) to Gmail accounts accessed through a web browser, but not everyone will be able to take advantage of the new feature. According to a Friday announcement, only Google Workspace users will benefit from new E2EE email protections when exchanging messages.
Customers of Workspace Enterprise Plus, Education Plus, and Education Standard can now apply for Google’s client-side encryption (E2EE) beta until January 20. Google will use the beta period to fine-tune the new security feature before it goes live. (Google did not specify when this would occur, but it would be surprising if E2EE did not become more widely available in 2023.) It’s unclear whether Google will eventually make E2EE available to personal Gmail accounts as well as its remaining business and nonprofit customers.
This is the first time E2EE has been integrated into Gmail. Gmail currently employs transport layer security (TLS), which protects emails in transit as long as the receiving email provider can maintain a secure connection. TLS provides a reasonable level of protection for the average person; however, for businesses handling customer information, product development plans, and other sensitive material, TLS isn’t always sufficient. If government officials, internet service providers, and skilled hackers are motivated enough, they can still access the contents of TLS-protected communications, posing at best an additional source of stress.
Gmail will now be joined by Google Drive, Google Docs, Sheets, and Slides, Google Meet, and Google Calendar (the latter of which is also in E2EE beta) in offering full encryption between two or more users. According to Google’s Gmail E2EE beta application page, users must enable the feature once their application has been approved by accessing the administrative console. Once E2EE is enabled, users must choose whether to encrypt individual emails by clicking the lock option in the top right corner of their draft, followed by the “Turn On” button. The body of an email and any attachments, including inline images, will be encrypted by Google’s client-side encryption. Subject lines, timestamps, and recipient lists will not be encrypted.